1. 04 5月, 2017 6 次提交
  2. 03 5月, 2017 5 次提交
  3. 02 5月, 2017 1 次提交
  4. 27 4月, 2017 1 次提交
  5. 26 4月, 2017 9 次提交
  6. 25 4月, 2017 2 次提交
  7. 24 4月, 2017 2 次提交
  8. 21 4月, 2017 1 次提交
  9. 20 4月, 2017 1 次提交
  10. 13 4月, 2017 2 次提交
  11. 12 4月, 2017 1 次提交
  12. 11 4月, 2017 1 次提交
  13. 10 4月, 2017 2 次提交
    • B
      Allow an ALPN callback to pretend to not exist · 8313a787
      Benjamin Kaduk 提交于
      RFC 7301 mandates that the server SHALL respond with a fatal
      "no_application_protocol" alert when there is no overlap between
      the client's supplied list and the server's list of supported protocols.
      In commit 06217867 we changed from
      ignoring non-success returns from the supplied alpn_select_cb() to
      treating such non-success returns as indicative of non-overlap and
      sending the fatal alert.
      
      In effect, this is using the presence of an alpn_select_cb() as a proxy
      to attempt to determine whether the application has configured a list
      of supported protocols.  However, there may be cases in which an
      application's architecture leads it to supply an alpn_select_cb() but
      have that callback be configured to take no action on connections that
      do not have ALPN configured; returning SSL_TLSEXT_ERR_NOACK from
      the callback would be the natural way to do so.  Unfortunately, the
      aforementioned behavior change also treated SSL_TLSEXT_ERR_NOACK as
      indicative of no overlap and terminated the connection; this change
      supplies special handling for SSL_TLSEXT_ERR_NOACK returns from the
      callback.  In effect, it provides a way for a callback to obtain the
      behavior that would have occurred if no callback was registered at
      all, which was not possible prior to this change.
      Reviewed-by: NMatt Caswell <matt@openssl.org>
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/2570)
      8313a787
    • R
  14. 07 4月, 2017 6 次提交